I updated an AWS Lambda function that's connected to an Amazon Virtual Private Cloud (Amazon VPC) and received the following error: "You have exceeded the maximum limit for Lambda HyperPlane ENIs for your VPC."
Short description
When you configure a Lambda function to access resources in an Amazon VPC, Lambda creates a Hyperplane elastic network interface. The Hyperplane network interface is created the first time that a unique subnet and security group combination is defined.
The default quota limit for network interfaces for Amazon VPC is 500. When you exceed the network interface quota, then you get a limit exceeded error.
Resolution
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.
Identify the usage of Hyperplane network interfaces in your Amazon VPC
To find the total number of Hyperplane network interfaces in use by Lambda for your Amazon VPC, run the describe-network-interfaces command:
$ aws ec2 describe-network-interfaces --region us-east-1 \
--filters 'Name=vpc-id,Values=VPC' 'Name=status,Values=in-use' \
--query 'NetworkInterfaces[?InterfaceType==`lambda`].NetworkInterfaceId'
Note: Replace VPC with your Amazon VPC ID and us-east-1 with your AWS Region.
To find the network interface that belongs to a Lambda function, run the Lambda ENI finder script on the GitHub website.
Remove Amazon VPC configurations for Lambda functions that don't access private resources
It's a best practice to configure an Amazon VPC for your Lambda function to access only private resources. After you update a function to remove its Amazon VPC configuration, Lambda deletes the attached Hyperplane network interface.
Note: Lambda deletes the Hyperplane network interface only when no other functions or published versions use that Hyperplane network interface.
To identify a function that uses a network interface, see Why can't I detach or delete an elastic network interface that Lambda created?
Remove unused versions for active Lambda functions and reuse Hyperplane network interfaces
If your Lambda function configured with your Amazon VPC has multiple published versions, then it's a best practice to remove unused versions. Removal of unused Lambda function versions helps to release unused Hyperplane network interfaces.
If a Lambda function remains idle for consecutive weeks, then Lambda reclaims the unused Hyperplane network interfaces and sets the function state to idle. Lambda doesn't delete Hyperplane network interfaces that are in use by Lambda functions.
Lambda reuses the Hyperplane network interface for other Amazon VPC activated functions in your account that use the same subnet and security group combination. You can configure the same security group subnet pairing to reuse the network interfaces across functions.
For more information, see Understanding Hyperplane Elastic Network Interfaces (ENIs).
Note: It's a best practice to share network interfaces to reduce the number of interfaces needed when possible.
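The following added example (not AWS-provided code) groups function versions by subnet and security group combination to show which combinations are shared and which are held by a single version. It assumes input shaped like the Functions list returned by the Lambda ListFunctions API with FunctionVersion set to ALL, treats security group order as irrelevant, and counts one interface per unique combination; the helper names and sample IDs are hypothetical.

```python
from collections import defaultdict

def hyperplane_combinations(functions, vpc_id):
    """Map each (subnet, security-group set) pair in vpc_id to the versions using it."""
    combos = defaultdict(set)
    for fn in functions:
        cfg = fn.get("VpcConfig") or {}
        if cfg.get("VpcId") != vpc_id:
            continue  # not attached to this VPC, or not VPC-attached at all
        # Assumption: group order does not matter, so compare groups as a set.
        groups = frozenset(cfg.get("SecurityGroupIds", []))
        label = f'{fn["FunctionName"]}:{fn.get("Version", "$LATEST")}'
        for subnet in cfg.get("SubnetIds", []):
            combos[(subnet, groups)].add(label)
    return dict(combos)

def single_use_combinations(combos):
    """Combinations held by exactly one version: candidates to remove or consolidate."""
    return {key: next(iter(users)) for key, users in combos.items() if len(users) == 1}

def vpc(subnets, groups, vpc_id="vpc-EXAMPLE"):
    """Build a VpcConfig dict for the constructed sample below."""
    return {"VpcId": vpc_id, "SubnetIds": subnets, "SecurityGroupIds": groups}

# Constructed sample data; every ID is a placeholder, not a real resource.
SAMPLE = [
    {"FunctionName": "orders-api", "Version": "$LATEST",
     "VpcConfig": vpc(["subnet-a", "subnet-b"], ["sg-1", "sg-2"])},
    {"FunctionName": "orders-worker", "Version": "$LATEST",
     "VpcConfig": vpc(["subnet-a", "subnet-b"], ["sg-2", "sg-1"])},
    # Old published version that still pins its own combination.
    {"FunctionName": "orders-api", "Version": "3",
     "VpcConfig": vpc(["subnet-a"], ["sg-9"])},
    {"FunctionName": "report-job", "Version": "$LATEST",
     "VpcConfig": vpc(["subnet-a"], ["sg-3"])},
    # Functions without a VPC configuration are ignored.
    {"FunctionName": "thumbnailer", "Version": "$LATEST", "VpcConfig": vpc([], [], "")},
    {"FunctionName": "no-vpc"},
]

if __name__ == "__main__":
    combos = hyperplane_combinations(SAMPLE, "vpc-EXAMPLE")
    print(f"{len(combos)} unique subnet and security group combinations")
    for (subnet, groups), users in sorted(combos.items(), key=lambda kv: sorted(kv[1])):
        print(subnet, sorted(groups), "->", sorted(users))
    print("single-use:", sorted(single_use_combinations(combos).values()))
```

In the sample, orders-api and orders-worker share two combinations, while the old published version 3 and report-job each hold a combination of their own.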
Open a quota increase case in the Service Quotas dashboard
If you determine that your use case requires a higher service quota for Hyperplane network interfaces, request a service quota increase. For more information, see Requesting a quota increase.
Related information
How do I request a concurrency limit increase for my Lambda function?